Security news28 February 2007
Child abuse suspicion no excuse for hacking, says Sophos poll 64% say it is not acceptable to hack a PC, even if you think its owner might be involved in child abuse
An online poll* of 233 computer users, undertaken by IT security and control firm Sophos, shows that the majority of people surveyed disagree that it is acceptable to infect and hack into a PC if it is believed it may belong to a child abuser.
The poll followed last week's news that 66-year-old American judge, Ronald C Kline, has been convicted for possessing child pornography on the basis of evidence obtained by a hacker.
The survey reveals that 64 percent of computer users do not believe it is ever right to illegally infect or hack into a PC, even if its owner is suspected to be a child abuser.
"Having a 'hunch' that someone might be involved in child abuse isn't a justifiable reason to infect and hack into their PC - that's what most people we surveyed have told us loud and clear," said Graham Cluley, senior technology consultant for Sophos. "Two wrongs don't make a right, and hackers should not take the law into their own hands. Instead of acting alone, anyone with a strong reason or evidence to suspect someone of illegal activity should notify the authorities immediately and let the investigation run its proper course."
Survey results
|
Is it okay to illegally infect and hack into a PC if you think it might belong to a child abuser?
| ||||
| Yes, it is okay |
| |||
| No, it is not okay |
| |||
* Source: Sophos online poll, 233 respondents, February 2007.
In 1999, Canadian hacker Brad Willman planted a Trojan horse, disguised as images of child abuse, on an internet newsgroup visited by pedophiles. The hacker (who used the handle Omni-Potent) broke into the PCs of those he infected, focusing on those he suspected of being involved in child abuse. One of the PCs targeted by Willman belonged to Kline, a former Californian judge.
"Not only is vigilante hacking illegal, it can seriously compromise a police investigation. For instance, suspects could argue that as they have been hacked it could have been the hacker who actually placed the illegal material on their PC," continued Cluley. "Authorities investigating potential suspects may even fall victim to cyberattacks themselves as they download evidence from sites such as the one targeted by Willman."
- Find out more about how to protect children from online threats at www.getsafeonline.org
- Find out about the Virtual Global Taskforce - a group of police forces working around the world to fight online child abuse
Many respondents also sent comments to Sophos in reaction to the survey. Here is a small selection:
"I think this is quite straight forward. If there is enough evidence to justify your suspicion in the first place, then there is enough evidence for a warrant to seize the computer. Otherwise we will get to the point where I could be accused of illegal hacking and I reply, but he just looked like a pedophile to me."
"I agree that people need to be caught if they are doing something illegal. But I don't agree with law enforcement or the government having the right to break laws to catch people."
"Although I believe that it is not right for a member of the general public to infect and hack into someone else’s computer if it might be used for child abuse (or, indeed, for any other nefarious activities), I do believe that these sorts of tools should be available to the authorities if they have just cause in an ongoing investigation."
"This was a clear case of vigilantism. The suspicion should have been reported to the proper civil authorities who could obtain a warrent to monitor properly. While the crime was reprehensible two wrongs do not make a right but rather often take away a rite. The hacker should be working with the civil authorities to share his expertise in training and legally stopping these crimes. Was anything done to locate these children and the person or person responsible for making these obscene materials?"
"I do not think the question is worded to avoid a skewed response. You are asking a simple question not well worded to answer a complex problem. Is it okay to illegally infect and hack into a PC if you think it might belong to a child abuser? The question implies that you only need to think that the person is a pedophile. This does not consider WHY you think that the person is a pedophile. What would any parent say to this formation of the question? 'Is it OK to use illegal means to protect your own child?'"
"Dangerous to start allowing some people to hack and others to not. At what point do we say you can hack you cannot. Where does it stop. On the other hand those who break the law survive of such arguments and loopholes in the law. In such serious cases as pedophiles then I think we should allow the police to hack our computers as long as they have a search warrant from the judiciary. Personally I have nothing to hide on my PCs so I do not really care if they hack in... as long as there is no malicious intent. How do we control that? Hence there needing to be controls over those who hack."
"It is the rule of law that protects us ultimately, and any end run around the rule of law endangers us more than the spurious protections we believe that we obtain. No! Emphatically no to illegally hacking anyone's computer for any reason, including protection of children, or even national security. We need to answer: do we want to become a police state or an anarchic society of vigilantes?"
Disclaimer: Please bear in mind
that this poll is not scientific and is provided for information purposes only.
The comments expressed on this page are those of a subsection of poll
participants, and not necessarily those of Sophos. Sophos makes no guarantees
about the accuracy of the results other than that they reflect the choices of
the users who participated. Sophos reserves the right to edit participants'
comments for the purposes of clarity, brevity and decency. Sophos reserves the
right not to publish the comments of all participants.
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
